Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

inverse matching of tags. Issue #10186 #4164

Merged
merged 1 commit into from Jan 17, 2020
Merged

inverse matching of tags. Issue #10186 #4164

merged 1 commit into from Jan 17, 2020

Conversation

vktg
Copy link
Contributor

@vktg vktg commented Jan 16, 2020

allow to inverse tagged rules
i.e.
block out quick on RED_NET ! tagged RED_NET_OK

jim-p
jim-p requested changes Jan 16, 2020
View reviewed changes
Copy link
Contributor

@jim-p jim-p left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs a couple minor adjustments. Applies and works OK otherwise.

src/usr/local/www/firewall_rules_edit.php Outdated
@@ -521,6 +525,10 @@ function is_aoadv_used($rule_config) {
$input_errors[] = gettext("Invert match cannot be selected with 'any'.");
}

if ((isset($_POST['nottagged']) && empty($_POST['tagged']))) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is an extra set of parenthesis on the outside this test

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

src/usr/local/www/firewall_rules_edit.php
$group->add(new Form_Checkbox(
'nottagged',
'nottagged',
'Invert',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be Invert match

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done,
but now GUI is not so pretty

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that now, it forces a word wrap. I guess it's OK to move it back to just 'Invert' and adjust the text below to match.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

src/usr/local/www/firewall_rules_edit.php Outdated
$pconfig['tagged']
))->setWidth(4);

$group->setHelp('A packet can be matched on a mark placed before on another rule.');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change this to:

Match a mark placed on a packet by a different rule with the Tag option. Check Invert match to match packets which do not contain this tag.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@vktg vktg force-pushed the nottagged branch 2 times, most recently from 1744dc8 to eb4e805 Compare January 16, 2020 15:13
@jim-p jim-p added the Tested label Jan 16, 2020
netgate-git-updates pushed a commit that referenced this pull request Jan 17, 2020
@rbgarga
Merge pull request #4164 from vktg/nottagged
b1ea180
@netgate-git-updates netgate-git-updates merged commit effb726 into pfsense:master Jan 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jim-p jim-p jim-p approved these changes

Assignees
No one assigned
Labels
Tested
Projects
None yet
Milestone
No milestone
3 participants
@vktg @jim-p @netgate-git-updates